<?php
/***************************************************************************
   Coppermine 1.3.1 for CPG-Dragonfly™
  **************************************************************************
   Port Copyright (c) 2004-2005 CPG Dev Team
   http://dragonflycms.com/
  **************************************************************************
   v1.1 (c) by Grégory Demar http://coppermine.sf.net/
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
****************************************************************************/
if (!defined('CPG_NUKE')) { die("You can't access this file directly..."); }

global $template, $cpg_all_installs,$first_install_prefix, $USER;
global $userinfo, $user_prefix, $FAVPICS, $CLASS, $CPG_SESS;

// Define some constants
if (!defined('USER_GAL_CAT')) {
	define('USER_GAL_CAT', 1);
	define('FIRST_USER_CAT', 10000);
	define('RANDPOS_MAX_PIC', 200);
// Constants used by the cpg_die function
	define('INFORMATION', 1);
	define('ERROR', 2);
	define('CRITICAL_ERROR', 3);
}

// Include functions file
require_once("includes/coppermine/functions.inc");

// Initialise the $CONFIG array and some other variables
$CONFIG = array();
// Record User's IP address
//$raw_ip = stripslashes($_SERVER['REMOTE_ADDR']);
$hdr_ip = $raw_ip = $userinfo['user_ip'];

$CONFIG['TABLE_PICTURES'] = $cpg_prefix . "pictures";
$CONFIG['TABLE_ALBUMS'] = $cpg_prefix . "albums";
$CONFIG['TABLE_COMMENTS'] = $cpg_prefix . "comments";
$CONFIG['TABLE_CATEGORIES'] = $cpg_prefix . "categories";
$CONFIG['TABLE_CONFIG'] = $cpg_prefix . "config";
$CONFIG['TABLE_USERGROUPS'] = $first_install_prefix . "usergroups";
$CONFIG['TABLE_VOTES'] = $cpg_prefix . "votes";
$CONFIG['TABLE_USERS'] = $user_prefix . "_users"; //default nuke_

// Retrieve DB stored configuration
if (!isset($cpg_all_installs[$cpg_dir]['config'])) {
	$results = $db->sql_query('SELECT * FROM '. $CONFIG['TABLE_CONFIG']);
	while ($row = $db->sql_fetchrow($results)) {
		$CONFIG[$row['name']] = $row['value'];
	} // while
	$db->sql_freeresult($results);
	$cpg_all_installs[$cpg_dir]['config'] = $CONFIG;
} else {
	$CONFIG = $cpg_all_installs[$cpg_dir]['config'];
}

// Start laoding viewer settings
if (!defined('USER_ID')) {

	// Parse cookie stored user profile
	user_get_profile();

	if (is_user() && $userinfo['user_active_cp']) {
		$sql = "SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = ".$userinfo['group_cp'];
	} else {
		$sql = "SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = 3";
	}
	if ($results = $db->uFetchAssoc($sql)) {
		$USER_DATA = array_merge($results, (array) $userinfo);
		define('USER_ID', $_SESSION['DF_VISITOR']->identity->id <=1 ? 0 : $_SESSION['DF_VISITOR']->identity->id);
	} else {
		define('USER_ID', 0);
	}

	if (can_admin($module_name)) {
		define('CPG_USERNAME',($userinfo['user_id']>1) ? $userinfo['username'] : $_SESSION['DF_VISITOR']->admin->name);
		define('GALLERY_ADMIN_MODE',1);
		define('USER_IN_GROUPS', 1);
		define('USER_IS_ADMIN', 1);
		define('USER_CAN_CREATE_ALBUMS', 1);
		define('USER_CAN_POST_COMMENTS',1);
		define('USER_CAN_UPLOAD_PICTURES',1);
		define('USER_CAN_RATE_PICTURES', 1);
		define('USER_CAN_SEND_ECARDS', 1);
	} elseif (is_user() && $userinfo['user_active_cp']) {
		$sql = "SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = ".$userinfo['user_group_cp'];
		$grouplist = '';
		$user_group_list_cp = explode(',', $USER_DATA['user_group_list_cp']);
		foreach ($user_group_list_cp AS $group) {
			if (is_numeric($group)) {
				$grouplist .= ",".$group;
			}
		}
		define('CPG_USERNAME', $userinfo['username']);
		define('GALLERY_ADMIN_MODE', false);
		define('USER_IN_GROUPS', $USER_DATA['user_group_cp'].$grouplist.",".(FIRST_USER_CAT+$userinfo['user_id']));
		define('USER_IS_ADMIN', intval($USER_DATA['has_admin_access']));
		define('USER_CAN_CREATE_ALBUMS', intval($USER_DATA['can_create_albums']));
		define('USER_CAN_POST_COMMENTS', intval($USER_DATA['can_post_comments']));
		define('USER_CAN_UPLOAD_PICTURES', intval($USER_DATA['can_upload_pictures']));
		define('USER_CAN_RATE_PICTURES', intval($USER_DATA['can_rate_pictures']));
		define('USER_CAN_SEND_ECARDS', intval($USER_DATA['can_send_ecards']));
	} else {
		define('CPG_USERNAME', _ANONYMOUS);//'Anonymous'
		define('GALLERY_ADMIN_MODE', false);
		define('USER_IN_GROUPS', 3);
		define('USER_IS_ADMIN', false);
		define('USER_CAN_CREATE_ALBUMS', intval($USER_DATA['can_create_albums']));
		define('USER_CAN_POST_COMMENTS', intval($USER_DATA['can_post_comments']));
		define('USER_CAN_UPLOAD_PICTURES', intval($USER_DATA['can_upload_pictures']));
		define('USER_CAN_RATE_PICTURES', intval($USER_DATA['can_rate_pictures']));
		define('USER_CAN_SEND_ECARDS', intval($USER_DATA['can_send_ecards']));
	}

	define('USER_ADMIN_MODE', (USER_CAN_CREATE_ALBUMS && USER_ID));

	if (GALLERY_ADMIN_MODE) define('VIS_GROUPS', 'visibility > -1');
	else define('VIS_GROUPS', 'visibility IN (0,'.USER_IN_GROUPS.')');

	// Load language, mod by sengsara/coppermine for CMS crew
	// Process language selection if present in URI or in user profile or try
	// autodetection if default charset is utf-8
	// load language from first install

	if (!defined('PIC_VIEWS')) {
		 Dragonfly::getKernel()->L10N->load('coppermine');
	}

} // end if already loaded

$FAVPICS = array();
// See if the fav cookie is set else set it
if (isset($_COOKIE[$CONFIG['cookie_name'] . '_fav'])) {
	$FAVPICS = unserialize(base64_decode($_COOKIE[$CONFIG['cookie_name'] . '_fav']));
	if (!is_array($FAVPICS) || empty($FAVPICS)) {
		$FAVPICS = array();
	} else {
		foreach ($FAVPICS as $key => $id ){
			$FAVPICS[$key] = intval($id);
		}
	}
}

# GET INTs
if (isset($_GET['album']))    $_GET['album']   = intval($_GET['album']);
if (isset($_GET['pos']))      $_GET['pos']     = intval($_GET['pos']);
if (isset($_GET['pid']))      $_GET['pid']     = intval($_GET['pid']);
if (!empty($_GET['aid']))      $_GET['aid']     = intval($_GET['aid']);
if (!empty($_GET['count']))    $_GET['count']   = intval($_GET['count']);
if (!empty($_GET['id']))       $_GET['id']      = intval($_GET['id']);
if (!empty($_GET['member_id']))$_GET['member_id']=intval($_GET['member_id']);
if (!empty($_GET['page']))     $_GET['page']    = intval($_GET['page']);
if (!empty($_GET['rate']))     $_GET['rate']    = intval($_GET['rate']);
if (!empty($_GET['size']))     $_GET['size']    = intval($_GET['size']);
if (!empty($_GET['slideshow']))$_GET['slideshow']=intval($_GET['slideshow']);
if (!empty($_GET['start']))    $_GET['start']   = intval($_GET['start']);
if (!empty($_GET['uid']))      $_GET['uid']     = intval($_GET['uid']);
if (!empty($_GET['user_id']))  $_GET['user_id'] = intval($_GET['user_id']);
if ('mine' === $_GET->txt('cat')) { $_GET['cat'] = USER_ID+FIRST_USER_CAT; }
# GET PREGs
if (!empty($_GET['event'])&& !preg_match('#^[a-z_]+$#', $_GET['event']))$_GET['event'] = null;
if (!empty($_GET['meta']) && !preg_match('#^[a-z]+$#',  $_GET['meta'])) $_GET['meta']  = null;
if (!empty($_GET['mode']) && !preg_match('#^[a-z_]+$#', $_GET['mode'])) $_GET['mode']  = null;
if (!empty($_GET['opp'])  && !preg_match('#^[a-z]+$#',  $_GET['opp']))  $_GET['opp']   = null;
if (!empty($_GET['sort']) && !preg_match('#^[a-z_]+$#', $_GET['sort'])) $_GET['sort']  = null;
if (!empty($_GET['type']) && !preg_match('#^[a-z]+$#',  $_GET['type'])) $_GET['type']  = null;
if (!empty($_GET['what']) && !preg_match('#^[a-z]+$#',  $_GET['what'])) $_GET['what']  = null;
# GET STRs
if (!empty($_GET['picfile']) && false !== strpos($_GET['picfile'], '..')) $_GET['picfile'] = null;
if (!empty($_GET['startdir'])&& false !== strpos($_GET['startdir'], '..'))$_GET['startdir'] = null;

# POST INTs
if (isset($_POST['pos']))      $_POST['pos']     = intval($_POST['pos']);
if (!empty($_POST['aid']))     $_POST['aid']     = intval($_POST['aid']);
if (!empty($_POST['category']))$_POST['category']= intval($_POST['category']);
if (!empty($_POST['cid']))     $_POST['cid']     = intval($_POST['cid']);
if (!empty($_POST['cid1']))    $_POST['cid1']    = intval($_POST['cid1']);
if (!empty($_POST['cid2']))    $_POST['cid2']    = intval($_POST['cid2']);
if (!empty($_POST['id']))      $_POST['id']      = intval($_POST['id']);
if (!empty($_POST['page']))    $_POST['page']    = intval($_POST['page']);
if (!empty($_POST['user_id'])) $_POST['user_id'] = intval($_POST['user_id']);
if (isset($_POST['pid']) && !is_array($_POST['pid'])) $_POST['pid'] = intval($_POST['pid']);

# POST PREGs
if (!empty($_POST['event'])&& !preg_match('#^[a-z_]+$#',$_POST['event']))$_POST['event'] = null;
if (!empty($_POST['meta']) && !preg_match('#^[a-z]+$#', $_POST['meta'])) $_POST['meta']  = null;
if (!empty($_POST['opp'])  && !preg_match('#^[a-z]+$#', $_POST['opp']))  $_POST['opp']   = null;
if (!empty($_POST['type']) && !preg_match('#^[a-z]+$#', $_POST['type'])) $_POST['type']  = null;
if (!empty($_POST['what']) && !preg_match('#^[a-z]+$#', $_POST['what'])) $_POST['what']  = null;

$cat   = $_POST->uint('cat')   ?: $_GET->uint('cat');
$album = $_POST->uint('album') ?: $_GET->uint('album');
$pid   = $_POST->uint('pid')   ?: $_GET->uint('pid');
$pid   = $_POST->uint('pos')   ?: $_GET->uint('pos');

if (isset($album)) {
	$meta_link = '&amp;album='.$album;
} else {
	$meta_link = '&amp;cat='.$cat;
}
define('META_LNK', $meta_link);
$THEME_DIR ='';
if (!$cpg_block) {
	// Added nuke theme coppermine theme addition hack
	// Thanks to helius theme for coppermine and Sengsara
	$ThemeSel = $CPG_SESS['theme'];
	if (file_exists("themes/$ThemeSel/coppermine/theme.inc") && $CONFIG['theme']== 'default') {
		$THEME_DIR = "themes/$ThemeSel/coppermine";
	} else {
		// Load theme
		if (!file_exists($CPG_M_DIR . "/themes/{$CONFIG['theme']}/theme.inc")) {
			$CONFIG['theme'] = 'default';
		}
		$THEME_DIR = $CPG_M_DIR . "/themes/".$CONFIG['theme'];
	}
	require_once("$THEME_DIR/theme.inc");

	// load the main template
	load_template();
	if (isset($_GET['file']) && !$cpg_block && $_GET['file'] == 'displayimage' && $CONFIG['right_blocks'] == 0 && $showblocks >= 2) {
		$showblocks = 1;
	}
	if ((isset($_GET['slideshow']) && $CONFIG['fullsize_slideshow']) && !$cpg_block && $_GET['file'] == 'displayimage') {
		$showblocks = 0;
	}
	if (isset($_GET['file']) && in_array($_GET['file'],array('editOnePic', 'editpics', 'config', 'upload', 'reviewcom','groupmgr','upload_approval','searchnew','usermgr','albmgr','catmgr')) ){
		$showblocks = 1;
	}
}
